Initially, I thought it was necessary to use a ClusterRole in order to assign permissions in one namespace to a service account in another. It turns out, this is not necessary, as RoleBinding rules can refer to subjects in any namespace. Thus, we can limit the privileges of the *dynk8s-provisioner* service account by only allowing it access to the Secret and ConfigMap resources in the *kube-system* and *kube-public* namespaces, respectively, plus the Secret resources in its own namespace.

- data/sns
- integration
- genkubeconfig.sh
- setup.yaml
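
The cross-namespace binding the commit message describes, as an added example that is not the project's own manifest: each Role and RoleBinding lives in the namespace being granted, while the subject names the service account's home namespace. The `dynk8s` namespace, the object names and the verbs are assumptions.

```yaml
# Added example; values marked "assumed" do not come from the original commit.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dynk8s-provisioner            # assumed Role name
  namespace: kube-system              # the grant applies only inside this namespace
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "list", "create", "delete"]   # assumed verbs
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dynk8s-provisioner
  namespace: kube-system              # must match the Role's namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role                          # a namespaced Role, not a ClusterRole
  name: dynk8s-provisioner
subjects:
- kind: ServiceAccount
  name: dynk8s-provisioner
  namespace: dynk8s                   # assumed; the subject lives in a different namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dynk8s-provisioner
  namespace: kube-public
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get"]                      # assumed verb
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dynk8s-provisioner
  namespace: kube-public
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dynk8s-provisioner
subjects:
- kind: ServiceAccount
  name: dynk8s-provisioner
  namespace: dynk8s                   # assumed, as above
```

To confirm the scope after applying, `kubectl auth can-i get secrets -n kube-system --as=system:serviceaccount:dynk8s:dynk8s-provisioner` should answer `yes`, and the same query against an unrelated namespace such as `default` should answer `no`.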